punch
Advanced tools
Comparing version 0.5.40 to 0.5.41
@@ -15,3 +15,3 @@ { | ||
], | ||
"version": "0.5.40", | ||
"version": "0.5.41", | ||
"homepage": "https://github.com/laktek/punch", | ||
@@ -31,3 +31,3 @@ "author": "Lakshan Perera <lakshan@web2media.net> (http://laktek.com)", | ||
"coffee-script": ">= 1.5.0", | ||
"connect": "laktek/connect", | ||
"connect": ">= 2.12.0", | ||
"cssmin": ">= 0.4.1", | ||
@@ -34,0 +34,0 @@ "fresh": ">= 0.1.0", |
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
0
1008367
150
+ Addedconnect@3.7.0(transitive)
+ Addeddebug@2.6.9(transitive)
+ Addedee-first@1.1.1(transitive)
+ Addedencodeurl@1.0.2(transitive)
+ Addedescape-html@1.0.3(transitive)
+ Addedfinalhandler@1.1.2(transitive)
+ Addedon-finished@2.3.0(transitive)
+ Addedparseurl@1.3.3(transitive)
+ Addedstatuses@1.5.0(transitive)
+ Addedunpipe@1.0.0(transitive)
+ Addedutils-merge@1.0.1(transitive)
Updatedconnect@>= 2.12.0